Gandalf_The_Grey
Level 76
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
- Apr 24, 2016
- 6,576
In security updates released on Monday, Apple has fixed the ninth zero-day vulnerability used in attacks against iPhones since the start of the year.
Apple revealed in an advisory today that it's aware of reports saying the security flaw "may have been actively exploited."
The bug (CVE-2022-42827) is an out-of-bounds write issue reported to Apple by an anonymous researcher and caused by software writing data outside the boundaries of the current memory buffer.
This can result in data corruption, application crashes, or code execution because of undefined or unexpected results (also known as memory corruption) resulting from subsequent data written to the buffer.
As Apple explains, if successfully exploited in attacks, this zero-day could have been used by potential attackers to execute arbitrary code with kernel privileges.
The complete list of impacted devices includes iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later.
Apple addressed the zero-day vulnerability in iOS 16.1 and iPadOS 16 with improved bounds checking.
Apple fixes new zero-day used in attacks against iPhones, iPads
In security updates released on Monday, Apple has fixed the ninth zero-day vulnerability used in attacks against iPhones since the start of the year.
www.bleepingcomputer.com